Situation:

In June 2019 the Gold Coast Show Website got hacked. It was redirecting all visitors to Phishing websites that looked like Google.

The Gold Coast Show Website is based on WordPress and has been managed by their internal staff. Because the site is only really used in the two months leading up to the show at the end of August, it mostly sits unchanged for the rest of the year. They were unaware of the dangers of doing this.

The reason the website got hacked was due to an identified vulnerability in the version of the “Yoast SEO” plugin installed. Hackers became aware of the vulnerability and took advantage of sites that had not updated this plugin.

Action:

WPEasy repaired the site and took over management of the website. This was an extensive task to clean up the site and all residual malicious code.

Result:

The website is now properly managed. Risk of the site being hacked again is substantially mitigated. In the unlikely event that the site does get hacked  again, it can be recovered quickly from the backups.

Now:

  • The website is backed up off-site every day
  • All plugin, Theme and Core updates are done every week
  • Security scans are performed every day
    • Identified Vulnerabilities are resolved as soon as an update becomes available
  • The website Up-Time is monitored 24 x 7 x 365
  • Monthly reports are provided to the GCS Management, so they can be assured the above tasks are being done